It turned out that the partitions "DomainDNSZones" and "ForestDNSZones" were a lost cause. To fix this you need to perform the following steps:

1. Use NTDSUtil to remove the replicas for both the ForestDNSZones and DomainDNSZones partitions. Wait for replication, verify that the changes have taken place, then delete each of the partitions.

2. After the deletion has replicated to all domain controllers, go into DNS Management and change the zone to Forest Level/Domain Level. Active Directory will automatically recreate the partition. These new AD application partitions will automatically replicate to all DNS servers, and they will then be visible through ADSI Edit.

It may take over 30 minutes for the DNS zone to synchronise across the forest; AD is very slow when it comes to DNS replication.

After this, no errors show up in the DNS or Active Directory event logs, and diagnostics come back clean.
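The two steps above both end with "wait and verify". The following script is an added example (not from the original post) that shows one way to do that verification: it lists the DnsZones application partitions registered in the Partitions container and the domain controllers holding a replica of each, and flags DNS-hosting DCs that do not yet hold one. It assumes the RSAT ActiveDirectory module, a domain-joined machine, and WinRM/CIM access to the DCs; the function name is my own.

```powershell
# Added example: report which DCs hold a replica of each DnsZones application
# partition. Empty output after step 1 means the old partitions are gone;
# an empty MissingDnsDcs column after step 2 means the recreated partitions
# have replicated to every DC that runs the DNS Server service.
Import-Module ActiveDirectory

function Get-DnsZonePartitionReplicaStatus {
    $rootDse    = Get-ADRootDSE
    $partitions = "CN=Partitions,$($rootDse.configurationNamingContext)"

    # crossRef objects register every naming context; AD does not support
    # substring LDAP filters on DN-syntax attributes (nCName), so filter client-side.
    $crossRefs = Get-ADObject -SearchBase $partitions -SearchScope OneLevel `
        -LDAPFilter "(objectClass=crossRef)" `
        -Properties nCName, 'msDS-NC-Replica-Locations' |
        Where-Object { $_.nCName -like '*DnsZones*' }

    if (-not $crossRefs) {
        Write-Output "No DnsZones application partitions exist (expected only between step 1 and step 2)."
        return
    }

    # DCs running the DNS Server service are the ones that should hold a replica.
    $dnsDcs = Get-ADDomainController -Filter * | Where-Object {
        Get-CimInstance -ClassName Win32_Service -Filter "Name='DNS'" `
            -ComputerName $_.HostName -ErrorAction SilentlyContinue
    }

    foreach ($cr in $crossRefs) {
        # Replica locations are NTDS Settings DNs; the server object is the parent
        # and carries the DC's FQDN in dNSHostName.
        $replicaServers = foreach ($dn in $cr.'msDS-NC-Replica-Locations') {
            $serverDn = $dn -replace '^CN=NTDS Settings,', ''
            (Get-ADObject -Identity $serverDn -Properties dNSHostName).dNSHostName
        }
        [pscustomobject]@{
            Partition      = $cr.nCName
            ReplicaHolders = ($replicaServers -join ', ')
            MissingDnsDcs  = ($dnsDcs.HostName | Where-Object { $_ -notin $replicaServers }) -join ', '
        }
    }
}

Get-DnsZonePartitionReplicaStatus | Format-List
```

Run it from an elevated Windows PowerShell session on a DC or management host after each step; an entry in MissingDnsDcs usually just means replication has not caught up yet, given the delays mentioned above.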

2 comments:

In step 1, once we delete the partitions dc=ForestDNSZone,dc=domain,dc=com & dc=DomainDNSZone,dc=domain,dc=com, the dnsmgmt.msc window will become empty, so then how come we can change the Zone to Forest Level/Domain Level?